04 Jul '14, 12pm

Ruby on Rails gets patches for SQL injection vulnerabilities

Ruby on Rails gets patches for SQL injection vulnerabilities

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by some high-profile websites. The Rails developers released versions 3.2.19, 4.0.7 and 4.1.3 of the framework on Wednesday, and advised users to upgrade as soon as possible. Hours later they released versions 4.0.8 and 4.1.4 to fix a regression caused by the 4.0.7 and 4.1.3 updates. One of the two SQL injection vulnerabilities affects applications running on Rails 2.0.0 to 3.2.18 that also use the PostgreSQL database system and query bit string data types. The second vulnerability affects applications running on Rails 4.0.0 to 4.1.2 when using PostgreSQL and querying range data types. Despite affecting different versions, the two flaws are related and both allow attackers to inject arbitrary SQL code into queries using specially crafted values. “The only f...

Full article: http://www.networkworld.com/article/2451001/ruby-on-rails...

Tweets

Ruby on Rails gets patches for SQL injection vu...

pcworld.com 04 Jul '14, 2pm

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by s...

Ruby on Rails gets patches for SQL injection vu...

pcworld.com 04 Jul '14, 12pm

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by s...

Ruby on Rails gets patches for SQL injection vu...

pcworld.com 04 Jul '14, 12pm

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by s...

Ruby on Rails gets patches for SQL injection vu...

news.techworld.com 04 Jul '14, 12pm

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by s...

Ruby on Rails gets patches for SQL injection vu...

pcadvisor.co.uk 04 Jul '14, 12pm

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by s...

#Ruby on Rails gets patches for SQL injection v...

itworld.com 04 Jul '14, 12pm

July 04, 2014, 8:04 AM — Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web develo...

Ruby on Rails patches tackle SQL injection vuln...

computerworld.com 04 Jul '14, 5pm

IDG News Service - Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development ...

Ruby on Rails patches tackle SQL injection vuln...

computerworld.com 04 Jul '14, 3pm

IDG News Service - Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development ...

Ruby on Rails patches tackle SQL injection vulnerabilities

Ruby on Rails patches tackle SQL injection vuln...

getsometechnews.com 04 Jul '14, 11pm

IDG News Service – Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development ...

Blog Post: Ruby on Rails patches tackle SQL inj...

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by s...

Ruby On Rails Gets Patches For SQL Injection #v...

infoworld.com 07 Jul '14, 12pm

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by s...

Ruby on Rails gets patches for SQL injection vu...

infoworld.com 07 Jul '14, 12pm

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by s...

Zwei Patches schließen SQL-Injection-Lücken in ...

heise.de 05 Jul '14, 3pm

Zwei recht ähnliche Lücken erlaubten SQL-Injections auf Websites, die auf Ruby on Rails 2.0.0 bis 3.1.18 sowie auf 4.x auf...

Zwei Patches schließen SQL-Injection-Lücken in ...

heise.de 05 Jul '14, 3pm

Zwei recht ähnliche Lücken erlaubten SQL-Injections auf Websites, die auf Ruby on Rails 2.0.0 bis 3.1.18 sowie auf 4.x auf...

#ix: Zwei Patches schließen SQL-Injection-Lücke...

heise.de 05 Jul '14, 3pm

Zwei recht ähnliche Lücken erlaubten SQL-Injections auf Websites, die auf Ruby on Rails 2.0.0 bis 3.1.18 sowie auf 4.x auf...